URL:

https://can01.safelinks.protection.outlook.com/?url=https%253A%252F%252Faddto.password.land%252FXVVJrTFBnYlZjSkdGekovK0NqbHc5bElvUGdyRnhMR2poK2NNckl0UjZaN1JVTnJkaHBTbWluVW5rcEd5NCtYUkVCWUl6dDBIN2pLSXRqdThEOHdDRk53dE5KTFc0Y0hhM2F5K0JJbkdqN0kvNlV6VUJWa05yV21pRGFMa2xnYmFoNTdDZEsxM0QzTElXb2d4MUZTSDFHUGZOenROM1BKMnhxTHZwMHowV0w0SGx5VmdaSWRYdm5YZi0tWE9xVHo1VWdiVTJQaEtEZC0tWk1PSWU2ZlBKUVFBMEQvTUJHRko2dz09%253Fcid%253D2592073359&data=05%257C02%257Cvc3%2540waypoint.ca%257Ca6f9bd0310b5483b83fd08ddbbe7c6ae%257C30c3fb354ca9474585c758aaffc3cab2%257C0%257C0%257C638873326353153312%257CUnknown%257CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%253D%253D%257C0%257C%257C%257C&sdata=uW5gKKBqqY3GVOVuQaffw1N8SAXH2cId5QDFKOgU2h8%253D&reserved=0

Full analysis: https://app.any.run/tasks/94c3edf2-a357-4592-ba13-0cb4528ba563
Verdict: Malicious activity
Analysis date: July 05, 2025, 21:55:35
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: phishing
MD5: 6CACD25D82B6D52A2F859D461486418D
SHA1: 1D3FC43321281B943B8142D02EA3EF8289ABA5F5
SHA256: C2BC6844575FBCD8223E5227DBB79BD816DB3C5F8442A45EE3CD9ADB16C1D097
SSDEEP: 12:2G9qfJX4ygRPumvgjFy+plAz/XlDgkfv+0X6fFbVTFNqJDG9lXZD69g:2aqNmRmEOqz/XJ+0XCVRNqJWX89g

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • KNOWBE4 has been detected (SURICATA)

      • msedge.exe (PID: 5012)
    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 5012)
  • SUSPICIOUS

    • The process connected to a server suspected of theft

      • msedge.exe (PID: 5012)
  • INFO

    No info indicators.
No Malware configuration.
No data.
Total processes: 151
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

#KNOWBE4 msedge.exe

Process information

PID: 5012
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2180,i,6161488519127897921,10116046693238162506,262144 --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 133.0.3065.92
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 9
Text files: 1
Unknown types: 0

Dropped files

HTTP(S) requests: 72
TCP/UDP connections: 69
DNS requests: 53
Threats: 16

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
 |  | GET | 302 | 52.102.113.47:443 | https://can01.safelinks.protection.outlook.com/?url=https%253A%252F%252Faddto.password.land%252FXVVJrTFBnYlZjSkdGekovK0NqbHc5bElvUGdyRnhMR2poK2NNckl0UjZaN1JVTnJkaHBTbWluVW5rcEd5NCtYUkVCWUl6dDBIN2pLSXRqdThEOHdDRk53dE5KTFc0Y0hhM2F5K0JJbkdqN0kvNlV6VUJWa05yV21pRGFMa2xnYmFoNTdDZEsxM0QzTElXb2d4MUZTSDFHUGZOenROM1BKMnhxTHZwMHowV0w0SGx5VmdaSWRYdm5YZi0tWE9xVHo1VWdiVTJQaEtEZC0tWk1PSWU2ZlBKUVFBMEQvTUJHRko2dz09%253Fcid%253D2592073359&data=05%257C02%257Cvc3%2540waypoint.ca%257Ca6f9bd0310b5483b83fd08ddbbe7c6ae%257C30c3fb354ca9474585c758aaffc3cab2%257C0%257C0%257C638873326353153312%257CUnknown%257CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%253D%253D%257C0%257C%257C%257C&sdata=uW5gKKBqqY3GVOVuQaffw1N8SAXH2cId5QDFKOgU2h8%253D&reserved=0 | unknown | html | 465 b | whitelisted
 |  | HEAD | 403 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4c4fdee0-d69c-42b7-bf5c-3ec046e9dfc9?P1=1751247403&P2=404&P3=2&P4=KIOuyaltQzGUv9%2fRXevwe%2b%2fSXHyfYvf%2f5L%2fb6O%2fEjuA9bg7JGUT71DQcxatSu%2by%2f0Fb5ScE2gwu8%2bMYnHtBQiQ%3d%3d | unknown |  |  | whitelisted
 |  | HEAD | 200 | 23.197.142.186:443 | https://fs.microsoft.com/fs/windows/config.json | unknown |  |  | 
 |  | GET | 200 | 23.197.142.186:443 | https://fs.microsoft.com/fs/windows/config.json | unknown | binary | 55 b | whitelisted
1080 | svchost.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown |  |  | whitelisted
 |  | GET | 200 | 18.173.205.50:443 | https://addto.password.land/XVVJrTFBnYlZjSkdGekovK0NqbHc5bElvUGdyRnhMR2poK2NNckl0UjZaN1JVTnJkaHBTbWluVW5rcEd5NCtYUkVCWUl6dDBIN2pLSXRqdThEOHdDRk53dE5KTFc0Y0hhM2F5K0JJbkdqN0kvNlV6VUJWa05yV21pRGFMa2xnYmFoNTdDZEsxM0QzTElXb2d4MUZTSDFHUGZOenROM1BKMnhxTHZwMHowV0w0SGx5VmdaSWRYdm5YZi0tWE9xVHo1VWdiVTJQaEtEZC0tWk1PSWU2ZlBKUVFBMEQvTUJHRko2dz09?cid=2592073359 | unknown | html | 452 b | 
 |  | POST | 200 | 150.171.28.11:443 | https://edge.microsoft.com/componentupdater/api/v1/update | unknown | text | 1.48 Kb | whitelisted
4296 | RUXIMICS.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown |  |  | whitelisted
5012 | msedge.exe | GET | 403 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4c4fdee0-d69c-42b7-bf5c-3ec046e9dfc9?P1=1751247403&P2=404&P3=2&P4=KIOuyaltQzGUv9%2fRXevwe%2b%2fSXHyfYvf%2f5L%2fb6O%2fEjuA9bg7JGUT71DQcxatSu%2by%2f0Fb5ScE2gwu8%2bMYnHtBQiQ%3d%3d | unknown |  |  | whitelisted
5336 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown |  |  | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4296 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5336 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1080 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
 |  | 224.0.0.251:5353 |  |  |  | unknown
 |  | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | FASTLY | US | whitelisted
4900 | svchost.exe | 23.197.142.186:443 | fs.microsoft.com | Akamai International B.V. | US | whitelisted
5012 | msedge.exe | 52.102.113.47:443 | can01.safelinks.protection.outlook.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
1080 | svchost.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4296 | RUXIMICS.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5012 | msedge.exe | 3.229.81.136:443 | addto.password.land | AMAZON-AES | US | whitelisted

DNS requests


Threats

Class | Message
Successful Credential Theft Detected | ET INFO Observed DNS Query to KnowBe4 Simulated Phish Domain
Possible Social Engineering Attempted | PHISHING [ANY.RUN] KnowBe4: Security Awareness Training (secured-login. net)
Possible Social Engineering Attempted | PHISHING [ANY.RUN] KnowBe4: Security Awareness Training (secured-login. net)
Successful Credential Theft Detected | ET INFO Observed KnowBe4/Popcorn Training Simulated Phish Landing Page M2
Possible Social Engineering Attempted | PHISHING [ANY.RUN] KnowBe4: Security Awareness Training (knowbe4 .com)
Possible Social Engineering Attempted | PHISHING [ANY.RUN] KnowBe4: Security Awareness Training (knowbe4 .com)
Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing Training domain ( .knowbe4 .)
Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing Training domain ( .knowbe4 .)
Not Suspicious Traffic | INFO [ANY.RUN] Global content delivery network (unpkg .com)
Possible Social Engineering Attempted | PHISHING [ANY.RUN] KnowBe4: Security Awareness Training (knowbe4 .com)
No debug info